Login Credentials Sent In Clear Text

Description

This vulnerability occurs when user credentials are transmitted unencrypted. Credentials must be transmitted over HTTPS to prevent a malicious user from intercepting them.

Business Impact

An attacker could intercept the traffic using a man-in-the-middle (MITM) attack and retrieve the credentials that are being sent in clear text.

Recommendation

To prevent this vulnerability, make sure that the site transmits credentials to the server only over an encrypted connection (HTTPS).

More Details

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Reference

https://cwe.mitre.org/data/definitions/319.html
